﻿@using OrchardCore.OpenId.ViewModels
@using OrchardCore.OpenId.Settings;
@using System.Security.Cryptography.X509Certificates
@model OpenIdSettingsViewModel

    <fieldset class="form-group">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="TestingModeEnabled" type="checkbox" data-toggle="collapse active" data-target="#certArea" class="form-check-input" checked="@Model.TestingModeEnabled"/>
                @T["Enable Testing Mode"]
            </label>
        </div>
        <span class="hint">@T["Disables https requirement and uses an ephemeral signing key."]</span>
    </fieldset>

    <fieldset class="form-group" asp-validation-class-for="AccessTokenFormat">
        <label asp-for="AccessTokenFormat">@T["Token Format"] <span asp-validation-for="AccessTokenFormat"></span></label>
        <select asp-for="AccessTokenFormat" class="form-control">
            @foreach (OpenIdSettings.TokenFormat format in Enum.GetValues(typeof(OpenIdSettings.TokenFormat)))
            {
                <option value="@format" selected="@(Model.AccessTokenFormat == format)">@format.ToString()</option>
            }
        </select>
        <span class="hintAccessTokenFormat hint collapse" id="Hint_JWT">@T["If you are using a self-signed certificate for SSL keep in mind JWT requires the client has the SSL certificate registered as a trusted certificate."]</span>
        <span class="hintAccessTokenFormat hint collapse" id="Hint_Encrypted">@T["Encrypted format relies on .Net Data Protection API. It allows the use of a self-signed certificate for SSL without needing it to be registered as trusted in the client."]</span>
    </fieldset>

    <fieldset class="form-group" asp-validation-class-for="Authority">
        <label asp-for="Authority">@T["Authority"] <span asp-validation-for="Authority"></span></label>
        <input asp-for="Authority" class="form-control" />
        <span class="hint">@T["The base url of the identity server (this site). In production this base url have to use https schema. Recommended Value:"] @Model.SslBaseUrl</span>
    </fieldset>

    <fieldset class="form-group" asp-validation-class-for="Audiences">
        <label asp-for="Audiences">@T["Audiences"] <span asp-validation-for="Audiences"></span></label>
        <input asp-for="Audiences" class="form-control" />
        <span class="hint">@T["Base urls sepparated by commas of the resource servers for which this identity server issues tokens. If you are providing tokens for accessing resources on this site Audiences should be equal to Authority url. In production those urls should use https schema."]</span>
    </fieldset>

    <div id="certArea" class="collapse">
        <fieldset class="form-group" asp-validation-class-for="CertificateStoreLocation">
            <label asp-for="CertificateStoreLocation">@T["Certificate Store Location"] <span asp-validation-for="CertificateStoreLocation"></span></label>
            <select asp-for="CertificateStoreLocation" class="form-control">
                @foreach (StoreLocation location in Enum.GetValues(typeof(StoreLocation)))
                {
                    <option value="@location" selected="@(Model.CertificateStoreLocation == location)">@location.ToString()</option>
                }
            </select>
            <span class="hint">@T["Select the certificate location."]</span>
        </fieldset>

        <fieldset class="form-group" asp-validation-class-for="CertificateStoreName">
            <label asp-for="CertificateStoreName">@T["Certificate Store Name"] <span asp-validation-for="CertificateStoreName"></span></label>
            <select asp-for="CertificateStoreName" class="form-control">
                @foreach (StoreName store in Enum.GetValues(typeof(StoreName)))
                {
                    <option value="@store" selected="@(Model.CertificateStoreName == store)">@store.ToString()</option>
                }
            </select>
            <span class="hint">@T["Select the certificate store."]</span>
        </fieldset>

        <fieldset class="form-group" asp-validation-class-for="CertificateThumbPrint">
            @if (Model.AvailableCertificates.Any())
            {

                <label asp-for="CertificateThumbPrint">@T["Certificate"] <span asp-validation-for="CertificateThumbPrint"></span></label>
                <select asp-for="CertificateThumbPrint" class="form-control">
                    @foreach (var certificate in Model.AvailableCertificates)
                    {
                        var selectedCertificate = Model.CertificateThumbPrint == certificate.ThumbPrint
                                                   && Model.CertificateStoreLocation.HasValue && Model.CertificateStoreLocation.Value == certificate.StoreLocation
                                                   && Model.CertificateStoreName.HasValue && Model.CertificateStoreName == certificate.StoreName;
                        if (string.IsNullOrWhiteSpace(certificate.ThumbPrint))
                        {
                            <option value="" data-StoreLocation="@certificate.StoreLocation" data-StoreName="@certificate.StoreName" selected="@(selectedCertificate)"></option>
                            continue;
                        }
                        var friendlyName = certificate.FriendlyName;
                        if (string.IsNullOrWhiteSpace(friendlyName) && !string.IsNullOrWhiteSpace(certificate.ThumbPrint))
                        {
                            friendlyName = "No Friendly Name";
                        }
                        <option value="@certificate.ThumbPrint" data-StoreLocation="@certificate.StoreLocation" data-StoreName="@certificate.StoreName" selected="@(selectedCertificate)">
                            @friendlyName [@certificate.NotBefore.ToString("dd/MM/yy") - @certificate.NotAfter.ToString("dd/MM/yy")] @certificate.Subject
                        </option>
                    }
                </select>
                <span class="hint">@T["Select the certificate for signing tokens."]</span>
            }
            else
            {
                <div class="alert alert-warning" asp-validation-for="CertificateThumbPrint">@T["You need to add a certificate to your server for setting up OpenID Connect module."]</div>
            }
        </fieldset>
    </div>

    <h3>Endpoints</h3>
    <fieldset class="form-group" asp-validation-class-for="EnableTokenEndpoint">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="EnableTokenEndpoint" class="form-check-input" />
                @T["Enable Token Endpoint"]
            </label>
        </div>
        <span class="hint">@T["Enables action /OrchardCore.OpenId/Access/Token"]</span>
    </fieldset>

    <fieldset class="form-group" asp-validation-class-for="EnableAuthorizationEndpoint">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="EnableAuthorizationEndpoint" class="form-check-input" />
                @T["Enable Authorization Endpoint"]
            </label>
        </div>
        <span class="hint">@T["Enables action /OrchardCore.OpenId/Access/Authorize"]</span>
    </fieldset>

    <fieldset class="form-group" asp-validation-class-for="EnableLogoutEndpoint">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="EnableLogoutEndpoint" class="form-check-input" />
                @T["Enable Logout Endpoint"]
            </label>
        </div>
        <span class="hint">@T["Enables action /OrchardCore.OpenId/Access/Logout"]</span>
    </fieldset>

    <fieldset class="form-group" asp-validation-class-for="EnableUserInfoEndpoint">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="EnableUserInfoEndpoint" class="form-check-input" />
                @T["Enable User Info Endpoint"]
            </label>
        </div>
        <span class="hint">@T["Enables action /OrchardCore.OpenId/UserInfo/Me"]</span>
    </fieldset>

    <h3>Flows</h3>

    <fieldset class="form-group collapse" asp-validation-class-for="AllowAuthorizationCodeFlow">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="AllowAuthorizationCodeFlow" class="form-check-input" />
                @T["Allow Authorization Code Flow"]
            </label>
        </div>
        <span class="hint">@T["More info:"] <a href="http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth</a></span>
    </fieldset>

    <fieldset class="form-group collapse" asp-validation-class-for="AllowHybridFlow">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="AllowHybridFlow" class="form-check-input" />
                @T["Allow Hybrid Flow"]
            </label>
        </div>
        <span class="hint">@T["More info:"] <a href="http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth">http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth</a></span>
    </fieldset>

    <fieldset class="form-group collapse" asp-validation-class-for="AllowImplicitFlow">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="AllowImplicitFlow" class="form-check-input" />
                @T["Allow Implicit Flow"]
            </label>
        </div>
        <span class="hint">@T["More info:"] <a href="http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth">http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth</a></span>
    </fieldset>

    <fieldset class="form-group collapse" asp-validation-class-for="AllowPasswordFlow">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="AllowPasswordFlow" class="form-check-input" />
                @T["Allow Password Flow"]
            </label>
        </div>
        <span class="hint">@T["More info:"] <a href="https://tools.ietf.org/html/rfc6749#section-1.3.3">https://tools.ietf.org/html/rfc6749#section-1.3.3</a></span>
    </fieldset>

    <fieldset class="form-group collapse" asp-validation-class-for="AllowRefreshTokenFlow">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="AllowRefreshTokenFlow" class="form-check-input" />
                @T["Allow Refresh Token Flow"]
            </label>
        </div>
        <span class="hint">@T["More info:"] <a href="http://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens">http://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens</a></span>
    </fieldset>

    <fieldset class="form-group collapse" asp-validation-class-for="AllowClientCredentialsFlow">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="AllowClientCredentialsFlow" class="form-check-input" />
                @T["Allow Client Credentials Flow"]
            </label>
        </div>
        <span class="hint">@T["More info:"] <a href="https://tools.ietf.org/html/rfc6749#section-1.3.4">https://tools.ietf.org/html/rfc6749#section-1.3.4</a></span>
    </fieldset>

<script at="Foot" type="text/javascript">
////<![CDATA[
    window.onload = function () {
        refreshTokenTypeHint();
        refreshTestingModeEnabled();
        refreshEndpoints();
        $("#@Html.IdFor(m => m.AccessTokenFormat)").change(function () {
            refreshTokenTypeHint();
        });
        $("#@Html.IdFor(m => m.CertificateThumbPrint)").children("option").hide();
        $("#@Html.IdFor(m => m.CertificateThumbPrint)").children("option[data-StoreLocation=" + $("#@Html.IdFor(m => m.CertificateStoreLocation)").val() + "][data-StoreName=" + $("#@Html.IdFor(m => m.CertificateStoreName)").val() + "]").show();
        $("#@Html.IdFor(m => m.CertificateStoreLocation)").change(function () {
            $("#@Html.IdFor(m => m.CertificateThumbPrint)").children("option").hide();
            $("#@Html.IdFor(m => m.CertificateThumbPrint)").children("option[data-StoreLocation=" + $(this).val() + "][data-StoreName=" + $("#@Html.IdFor(m => m.CertificateStoreName)").val() + "]").show();
        });
        $("#@Html.IdFor(m => m.CertificateStoreName)").change(function () {
            $("#@Html.IdFor(m => m.CertificateThumbPrint)").children("option").hide();
            $("#@Html.IdFor(m => m.CertificateThumbPrint)").children("option[data-StoreLocation=" + $("#@Html.IdFor(m => m.CertificateStoreLocation)").val() + "][data-StoreName=" + $(this).val() + "]").show();
        });
        $("#@Html.IdFor(m => m.EnableTokenEndpoint), #@Html.IdFor(m => m.EnableAuthorizationEndpoint), #@Html.IdFor(m => m.AllowPasswordFlow), #@Html.IdFor(m => m.AllowAuthorizationCodeFlow), #@Html.IdFor(m => m.AllowHybridFlow)").change(function () {
            refreshEndpoints();
        });
        function refreshTokenTypeHint() {
            var accessTokenFormat = $("#@Html.IdFor(m => m.AccessTokenFormat)");
            $("#Hint_JWT").collapse(accessTokenFormat.val() == "@(OpenIdSettings.TokenFormat.JWT)" ? "show" : "hide");
            $("#Hint_Encrypted").collapse(accessTokenFormat.val() == "@(OpenIdSettings.TokenFormat.Encrypted)" ? "show" : "hide");
        }
        function refreshTestingModeEnabled() {
            var testingModeEnabled = $("#@Html.IdFor(m => m.TestingModeEnabled)");
            $("#certArea").collapse(testingModeEnabled.prop("checked") ? "hide" : "show");

        }
        function refreshEndpoints() {
            refreshEnableTokenEndpoint();
            refreshAllowAuthorizationCodeFlowAndHybridFlowVisibility();
            refreshEnableAuthorizationEndpoint();
            refreshAllowRefreshTokenFlowVisibility();
        }
        function refreshEnableTokenEndpoint() {
            var enableTokenEndpoint = $("#@Html.IdFor(m => m.EnableTokenEndpoint)");
            var allowPasswordFlow = $("#@Html.IdFor(m => m.AllowPasswordFlow)");
            var allowClientCredentialsFlow = $("#@Html.IdFor(m => m.AllowClientCredentialsFlow)");
            if (!enableTokenEndpoint.prop("checked")) {
                allowPasswordFlow.prop("checked", false);
                allowClientCredentialsFlow.prop("checked", false);
            }
            var showOrHide = enableTokenEndpoint.prop("checked") ? "show" : "hide";
            allowPasswordFlow.parent().parent().parent().collapse(showOrHide);
            allowClientCredentialsFlow.parent().parent().parent().collapse(showOrHide);
        }
        function refreshEnableAuthorizationEndpoint() {
            var enableAuthorizationEndpoint = $("#@Html.IdFor(m => m.EnableAuthorizationEndpoint)");
            var allowImplicitFlow = $("#@Html.IdFor(m => m.AllowImplicitFlow)");
            if (!enableAuthorizationEndpoint.prop("checked")) {
                allowImplicitFlow.prop("checked", false);
            }
            allowImplicitFlow.parent().parent().parent().collapse(enableAuthorizationEndpoint.prop("checked") ? "show" : "hide");
        }
        function refreshAllowAuthorizationCodeFlowAndHybridFlowVisibility() {
            var allowAuthorizationCodeFlow = $("#@Html.IdFor(m => m.AllowAuthorizationCodeFlow)");
            var allowHybridFlow = $("#@Html.IdFor(m => m.AllowHybridFlow)");
            if ($("#@Html.IdFor(m => m.EnableTokenEndpoint)").prop("checked") && $("#@Html.IdFor(m => m.EnableAuthorizationEndpoint)").prop("checked")) {
                allowAuthorizationCodeFlow.parent().parent().parent().collapse("show");
                allowHybridFlow.parent().parent().parent().collapse("show");
            }
            else {
                allowAuthorizationCodeFlow.prop("checked", false);
                allowAuthorizationCodeFlow.parent().parent().parent().collapse("hide");
                allowHybridFlow.prop("checked", false);
                allowHybridFlow.parent().parent().parent().collapse("hide");
            }
        }
        function refreshAllowRefreshTokenFlowVisibility() {
            var allowRefreshTokenFlow = $("#@Html.IdFor(m => m.AllowRefreshTokenFlow)");
            if ($("#@Html.IdFor(m => m.EnableTokenEndpoint)").prop("checked")
                && ($("#@Html.IdFor(m => m.AllowPasswordFlow)").prop("checked") || $("#@Html.IdFor(m => m.AllowAuthorizationCodeFlow)").prop("checked") || $("#@Html.IdFor(m => m.AllowHybridFlow)").prop("checked"))) {
                allowRefreshTokenFlow.parent().parent().parent().collapse("show");
            }
            else {
                allowRefreshTokenFlow.prop("checked", false);
                allowRefreshTokenFlow.parent().parent().parent().collapse("hide");
            }
        }
    };
//]]>
</script>